Greetings flyboys and girls.

On a previous thread there was a video of various anti-virus programmes and how they performed. (Can't find the thread, sadly).

Comodo came out best at finding nasties so I D/Ld a copy to see how it fared. Found a bug in a .zip file I D/Lded ages ago from our site here which I thought must be a false positive as testing with Malwarebytes found nothing.

Now the problem is I cant get rid of a part of Comodo. 'GeekBuddies' has be put on my kit in a place other than the Comodo folder. It showed up in the Comodo folder originally but now it just keeps appearing in my Task Manager. The Comodo has gone from Program Files but 'GeekBuddies' is still alive somewhere else. I recon it must the suspicious as any honest programme would remove completely.

So don't touch Comodo. It's spyware in my book.

Graham.

Odd I tried Comodo and had to uninstall it - which went fine btw - as it caused a conflict with the SPAD/Saitek drives, otherwise it was a pretty fine AV program.

have you looked in your registry for any lingering "stuff"?

NT in my Registry here is the comparison video

http://youtu.be/mp6ytxMgckg

That's the one Naismith. Don't know anything at all about delving into the registry Daveroo.

I uninstalled it in the 'Add/Remove' programme, but after removal, on inspection of the programme files Comodo was still there. Inside were a load of .dll files in various folders and one .db (I think) file. These would not delete nor erase as they came up as in use with another programme.

After a while I managed to remove the files left in the Comodo folder (including 'GeekBuddy') by renaming the .xx at the end of them and erasing them one at a time. Now there is no Comodo folder extant on my kit but the blasted 'GeekBuddy' keeps firing up from an unknown place after Windows Manager shuts it down each time.

Any help with the registry tinkle would be most gratefully accepted chaps.

Regards,

Graham.

Have you tried MSconfig from the Start menu? It will give you an idea of what is starting with Windows and allow things to be turned off or deactivated, with a reboot. If you are not well versed in some of the workings of Windows, I would be hesitant to go turning things off or on. But getting a screenie or two of what's listed in MSconfig and asking for help would be a good start.

I have had trouble uninstalling a couple of these programs in the past perhaps this list will be of some help.
http://kb.eset.com/esetkb/index?page=content&id=SOLN146

Do you know for a fact that GeekBuddy is a part of comodo? Or is it an "added benefit" of installing comodo.
If you do Adobe flash updates, they try to sneak Macafee's products by you unless you actively de-select it.

You could try to search all files for GeekBuddy*.* and see what if anything comes up. If it appears, kill it manually.

I have been using Microsoft Security Essentials and it got the worst score on Britec's test. :isadizzy:

Comodo came out best at finding nasties so I D/Ld a copy to see how it fared. Found a bug in a .zip file I D/Lded ages ago from our site here which I thought must be a false positive as testing with Malwarebytes found nothing. Now the problem is I cant get rid of a part of Comodo. 'GeekBuddies' has be put on my kit in a place other than the Comodo folder. It showed up in the Comodo folder originally but now it just keeps appearing in my Task Manager. The Comodo has gone from Program Files but 'GeekBuddies' is still alive somewhere else. I recon it must the suspicious as any honest programme would remove completely. So don't touch Comodo. It's spyware in my book. Hi all. 1) it is not unusual for one program to decide something is a virus and another not to notice anything - there seems to be some distinction in the industry between viruses and malware (something along the lines of a virus you didn't agree to being on your computer, malware you did - even if unconsciously). I always run an anti-virus program and an anti-malware program - currently Comodo and Malwarebytes AntiMalware. 2) Never had a problem with Comodo other than the latest version has gone a bit windows 8 in the user interface - doesn't take long to get used to (Comodo, not win8!). When installing any software make sure you read the stuff next to the tick boxes etc, you don't _have_ to install Geekbuddy from memory. I don't. Graham - if you can't remove GeekBuddy from the Windows Control Panel (then select program options - it is labelled differently in different versions of Windows but it shouldn't be hard to find) then the easiest way to get rid of it will be to re-install it (Comodo including Geekbuddy), then remove it - Geekbuddy being the first thing to remove. Editing the registry is NOT a good idea unless you have no other alternative. Good luck, Steve

Nothing is ever 'Free'.
I've been using Webroot SecureAnywhere for some time and while it costs $$$ it has been consistently reliable.
Aside from a few false positives (they all do that) it runs in conjunction with Windows Firewall without any hassles, and is very configurable.
:kilroy:

When I have had those types of unwanted guests I have had good results with the free Revo Uninstaller. It's not a malware removal tool but instead a program removal tool same as MS's 'add/remove programs' utility. So far it's done a much better job of cleaning out the file fragments registry dregs that can linger on after a basic removal attempt. It is worth noting that this software you are trying to get rid of may need to be fully reinstalled before using Revo. This should provide all the references and locations of data connected with the target program that Revo needs to do its job. Also when using Revo I always select the "Advanced" uninstall mode which does the most thorough job which sometimes requires a restart to complete the task. If you're not having luck with the malware removal tools, this one might be worth a shot. Good luck.

I have been using Microsoft Security Essentials and it got the worst score on Britec's test. :isadizzy:

Dear Moses,

M$ can't even get their other software bug free and safe, so I wouldn't trust them with any free AV software. Moreover, M$SE uses the windows firewall. Putting it politely, using windows firewall is folly. It's like trying to block a blazing fire with a sheet of paper...

Myself, I am willing to pay good money for security. I use ESET, have been for years now, and I am a happy customer. It is extremely light on your system, security is very good and it doesn't bug you constantly. And it is not expensive: for a two year license I paid 68€. For almost carefree surfing, that is hardly next to nothing.

At work (I work in IT) we did a few tests, and M$SE consistently came out as the worst possible choice. In fact, using freeware AV or security is NOT safe at all. With all the nasties going around on the nets, you cannot risk your rig with freeware security. As most us gamers use quite expensive hardware, investing just a little bit more in security is just plain good sense.

That is of course just MHO.

Take care,

Dumonceau

Greetings again all,

Please excuse my lack of reply over the last couple of days. I did reply to you all two nights ago, but when I had written a veritable tome of events and pressed the 'Submit Reply' button, the site just locked out with a 'sending reply' (or something of that nature). Leaving everything alone for 15 minutes or so made no difference. Reply gone - not sent, logged out - Ace!

So this time I have written to you all offline in the forlone hope I can 'Beat The Clock'.


Meshman; Thank you for your reply. I tried what you said (start/run/msconfig) but I R/Xd a message that 'Windows does not recognise...' Did something wrong there.

gradyhappyg; Thanks for the input. This is how I initially removed the proggy. The 'COMODO' folder still existed in Program Files (with GeekBuddy inside). It refused to go whether by Delete or Erase.


KellyB; Thanks KerllyB. I D/Ld the normal programme and somehow 'GeekBuddy' and 'Dragon' were in with it. I would not knowingly D/L addons, (but then, given what's happened, what do I realy know!). 'GeekBuddy' is a helpline with a phone number to help you get rid of nasties. I found that amusing..

SW; Thanks mate. Tried Windows Control Panel (mine is Task Manager- XP).. As soon as I stop it, it fires up again immediately.

aeromed222; Thank you aeromed222. I will keep that info on file for the next self inflicted crisis.

Dumenceau; Thank you for the nod. I have McAfee 'free' (don't you just love that?) from my O2 ISP. It's sheer crap. Couldn't find a cold in a hospital full of people with bright red noses sneezing in it's face. When it does it's 'updates', it hangs on to the PC as if it's drowning. I copped a bug last year, MalwareBytes found it straight away; McCrappy missed it, even though the beasty was 18 months old at the time.


I thought I'd take up daveroo's idea of hunting in the registry. I found around thirty+ appearances of COMODO Dragon and GeekBuddy, together and seperately. Deleted .exe, dll, and anything else I could find in all these areas;


HKEY_CURRENT_USER/Software/COMODO

Inproc server32

DATAC/PROGRAM FILES/comodo/GeekBuddy/lps-cspm/components/core/component 3/Autoruns/Wrapper.dll

HKEY_CLASSES_ROOT/Installer/Products/Type Lib/{DA5BEF3F-BBB4-45BE-BDBA-BD57B34ACA97}

HKEY_CURRENT_USER/Software/Search Assistant

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Explorer/MenuOrder/Programs/Comodo

HKEY_LOCAL_MACHINE/System/Enum/Root/LEGACY_GEEKBUDDYRSP. This one would not delete. Deleting the contents of the main
folder would only make it come back again with a message stating; 'Error whilst deleting key'.

(I have not listed any more as there were around another 25 places and I got writers cramp logging them).


I deleted all the appearances I found and came out. That's when I noticed GeekBuddy at the bottom of the screen, next to the clock, telling me I had not set a password! It never was there before.

Looking in Task Manager GeekyBoy was there as happy as ever. Turn it off and it fired up again immediately.

As I had appeared to have emptied all the Registry files but GeekBuddyRSP.exe still launched I searched for it with the Search programme. It was in;

Programme Files/Common Files/COMODO/, along with it's launcher.exe.

A quick start in safe mode kissed them two goodbye!

But now my 'buddy' has gone, but as far as I'm concerned, due to the fact that it refused to leave when asked, it is a malware/spyware/ - whatever.

But COMODO did find a bug in 'Bloch131.zip' at Sim-outhouse here! A false positive methinks...

My thanks again to each and every one of you all for your ace ideas and concern. I appreciate them all very much. And I learnt a few things too.

Best regards,

Graham 'GeekBuddy free' Sullivan.

It is always satisfying to find the demons and cast them out!:applause:

I'll second that sentiment KellyB.

Graham.

I have actually seen Webroot and Norton (Garbage) actually lock you out of the internet when their licenses needed to be renewed. Have also seen Webroot interfere with Windows Updates, in all Webroot is good as long as you know what you are doing when you go tinkering with it. As for Comodo, have seen it on some PC's but don't care for it.. Their firewall program is a nightmare if the user inadvertently clicks to block something, removing the software doesn't always fix the problem...

I use Avast Free and have been using for almost 5 years now with no problems and have never needed the paid version. Used AVG before that and it was fine until version 9 came out and then it was just an intrusive POS.

When I have had those types of unwanted guests I have had good results with the free Revo Uninstaller. It's not a malware removal tool but instead a program removal tool same as MS's 'add/remove programs' utility. So far it's done a much better job of cleaning out the file fragments registry dregs that can linger on after a basic removal attempt. It is worth noting that this software you are trying to get rid of may need to be fully reinstalled before using Revo. This should provide all the references and locations of data connected with the target program that Revo needs to do its job. Also when using Revo I always select the "Advanced" uninstall mode which does the most thorough job which sometimes requires a restart to complete the task. If you're not having luck with the malware removal tools, this one might be worth a shot. Good luck.

I second using REVO uninstaller for removing programs. I have been using it for years instead of using the program's uninstaller or the M$ add/remove function. Just a word of caution, use with care as any registry changes cannot be undone. Rule of thumb, on the registry page only check the boxes of the lines that are in bold (blue) print. If in doubt click on the "+" sign to expand each registry line and ensure what you are removing belongs to that specific program. There is a free and a professional version. The free one works just fine for normal use.

Also CCleaner is a great program for removing unwanted files, cookies, etc... Also has a registry cleaner, it will scan the registry for unused, broken, orphaned file paths. Has a option to make a backup of the registry files before removing/cleaning them. This way you can reinstall the last backup if something is wrong.

As always, make a restore point before using any program you are unfamiliar with so you always have a last known good working point.

Hope this helps.